PROTECTED STORAGE DEVICE FOR COMPUTER SYSTEM

The present invention relates to a method and apparatus for
controlling access to and corruption of information in a
computer system.

US 5,657,473 discloses a method and apparatus particularly
concerned with the detection and containment of hostile
programs such as "virus" programs within computer systems,
said method including dividing the information stored on the
storage medium into a plurality of non-overlapping partitions,
including a boot partition and a plurality of general
partitions, each of the partitions being further divided into
a plurality of sectors, any designated subset of the general
partitions being active at any given time when the computer
system is in use,
said invention employing a supervising means (a Supervisor)
separate of the central processing unit (CPU)
allowing/restricting/prohibiting read/write operations upon
the storage medium depending on whether information to be read
from a sector or written to a sector is in the boot partition,
or in a general partition, and whether the partition is active
or inactive, and
said supervising means also allowing a format operation only
on a partition which is active and prohibiting a format
operation on the boot partition, or on a general partition if
it is inactive.

The described invention preferably uses a second processor
which is made inaccessible to the user and to the virus,
supervising all data transfers between and within
sub-divisions of the device or devices placed under its
control.

The Patent application describes, as an example, an embodiment
comprising a printed circuit board assembly containing a
dedicated micro-controller, used in place of the hard disk
controller within the computer system.

EP 0 800 135 A1 discloses a method and apparatus for
controlling access to and modification of information stored
on a storage medium forming part of a computer system,
said invention including by reference all aspects of the
aforesaid invention of US 5,657,473,
said invention designating at least one partition a Write Many
Recoverable (WMR) partition wherein, in use, if a write
command is issued to overwrite any resident information stored
in a/the WMR partition by updated information, the updated
information is written on the storage medium in a location
other than where any resident information is stored and a
pointer to the updated information is stored in a Sector
Relocation Table (SRT) so that the updated information can be
accessed, as required during the remainder of a (user)
session. An alternative method is also described wherein, if a
write command is issued to overwrite any resident information
stored in a/the WMR partition, prior to undertaking said write
command said information is copied and stored elsewhere on the
storage medium to be copied back to said WMR partition when
required. This could be implemented, for example, by a system
reset.



The application describes, as an example, an embodiment
comprising a printed circuit board assembly (PCBA) containing
a dedicated micro-controller placed in-line between the
computer system hard disk drive controller (often embedded
within the computer system motherboard) and the hard disk
drive.

The method and apparatus in the aforementioned inventions
propose the use of a second processor separate from the
computer system central processing unit (CPU). Although the
aforesaid inventions do not specifically limit their scope to
combined hardware and firmware embodiments, both describe in
detail embodiments which include a separate printed circuit
board assembly, placed between the CPU and the storage medium.
Such hardware embodiments have the following disadvantages:

Such hardware embodiments have an associated cost per unit,
which results in a base cost for the invention which must be
met irrespective of sales volume;

Such hardware embodiments must be installed within the
computer system, generally requiring the computer system case
to be removed;

Such hardware embodiments require safety and emission
approvals and require a high level of testing to ensure
compatibility across the wide spectrum of existing computer
systems;

Such hardware embodiments are subject to a level of component
failures.

It is the subject of the present invention to avoid or
minimise one or more of the aforesaid disadvantages. This
document discloses a method (and related apparatus for)
incorporating the methods outlined in both US 5,657,473 and EP
0 800 135 A1 into the storage device itself.

Storage devices are frequently intelligent, containing their
own processor module, this being a potential candidate to
undertake the functions of a Supervisor as described within
the aforesaid inventions. This intelligent module controls the
transfer of information to and from the storage medium via the
interface to the computer system. According to the present
invention as defined herebelow, this intelligent module is
used to allow/restrict/prohibit read/write operations upon
the storage medium in a manner consistent with the aforesaid
inventions.

According to a first aspect of the invention we provide a
storage device for a host computer system, the storage device
comprising: storage means for storing information; intelligent
means for controlling the transfer of information to and from
the storage means; and interfacing means for interfacing the
storage device with the host computer system and via which
information is transferred to and from the storage means under
the control of said intelligent means,
the storage means comprising: a storage medium divided into a
plurality of non-overlapping partitions; non-volatile
read-only-memory (ROM) means for storing firmware for
controlling operation of the storage device; and volatile
random-access-memory (RAM) means;
wherein supervising means is incorporated in said storage
means for operating said intelligent means so as to protect
information stored in the storage medium.

The term "information" as used herein is intended to cover
information, data and/or program code, any or all of which may
be stored in the storage means.

The supervising means ("Supervisor") preferably protects the
said information by controlling access to and modification
thereof in accordance with pre-programmed protection criteria.

Incorporating the Supervisor within the storage device has the
following advantages:

where an intelligent means is already present on the storage
device, the methods outlined in the aforesaid inventions may
be implemented with no hardware changes to the storage device;

physical installation of a separate PCBA containing the
Supervisor is no longer required;

Supervisor firmware may be included within the storage device
during manufacture or may be added by means of a software
utility;

since a separate PCBA is no longer required, manufacturing
costs are significantly reduced by removing the requirement
for additional hardware components and no additional safety or
emission testing is required over and above that required for
the storage device without Supervisor firmware;

by removing the requirement for additional circuitry external
to the storage device, there is a reduction in the
compatibility issues that may arise from the diversity of
computer systems and storage device combinations which are
possible.

A further advantage is that by incorporating the Supervisor in
the storage device, rather than in additional hardware, this
allows the Supervisor to be implemented in laptop, notebook
and/or other small portable computers since there is no extra
space required for such additional hardware.

In prior art systems in which the Supervisor was provided as
additional hardware located between the storage device and the
host CPU, one problem was that the computer system could
potentially be tampered with so as to remove this additional
hardware, in order to make the computer system operate as
normal, without the Supervisor. A further advantage of the
present invention is that by incorporating the Supervisor
within the storage device, the Supervisor cannot be removed
without removing and/or tampering with the storage device
itself.

A further significant advantage of the present invention is
that whereas in the prior art system the Supervisor hardware
was located on the interface between the storage device and
the host CPU, and therefore changes in this interface (e.g. an
increase or change in data flows across the interface)
required reconfiguration and/or adjustment of data handling by
the Supervisor, in the present invention the Supervisor is
independent of such interface changes by virtue of being
incorporated in the storage device itself. Interface changes
thus do not affect the Supervisor.

The storage device may be a hard disk drive. The storage
medium may comprise one or more disk platters. The supervising
means is preferably provided as firmware which is stored in
said non-volatile ROM on the storage device. It will be
appreciated that if an unauthorised user were to attempt to
remove the Supervisor by removing the ROM, this will render
the storage device inoperative.

The intelligent means preferably comprises a processor, often
referred to as a micro-controller, which runs the Supervisor
firmware stored in the ROM means. Hard disk drives are now
available which incorporate a printed circuit board assembly
(PCBA) including a micro-controller for running programs
stored in memory means provided on the PCBA. In such drives,
this processor means may conveniently function as the
micro-controller for use in the present invention. The
Supervisor firmware can be stored in non-volatile ROM provided
on the PCBA.

Said non-overlapping partitions into which the storage medium
is divided preferably include a boot partition and at least
one general partition, each said partition being divided into
a plurality of sectors. The storage medium may have a
plurality of general partitions defined thereon, any
designated subset of which are active at any given time, in
use of the computer system.

Preferably, the supervising means operates said intelligent
means so as to allow/restrict/prohibit read/write operations
upon the storage medium depending upon whether information to
be read from a sector or written to a sector is operating
system information or user information, whether the sector is
in the boot partition or in a general partition and whether if
the partition is a general partition the partition is active
or inactive. The supervising means may also allow a format
operation only on a general partition which is active and
prohibit a format operation on the boot partition or on a
general partition which is inactive. The supervising means
preferably also monitors commands passing through the
interfacing means between the storage device and the host
computer system and prevents predetermined potentially
disruptive interface commands from being implemented. For
example, the supervising means may prevent disruptive Vendor
unique commands or Format Track commands from being carried
out.

It will be appreciated that the supervising means preferably
also ensures that firmware stored on the ROM means of the
storage device, which includes the firmware providing the
supervisor means, is also protected in that a user, or a user
program operating in the host computer system, does not have
access to the ROM means (or the RAM means) of the storage
device itself and any firmware or other code stored therein is
thus unalterable by the user or user program.

Optionally, the supervising means may cause a warning to be
issued to the user should an attempt be made to perform a
prohibited read, write or format operation.

At least one of said partitions of the storage device may
comprise a Write Many Recoverable (WMR) partition wherein, in
use, if a write command is issued to overwrite (i.e. update)
any information stored in the WMR partition the updated
information is stored elsewhere on the storage medium,
preferably in a dedicated area of the storage medium, and a
pointer to the updated information is provided so the updated
information can be accessed as required during the remainder
of the session, wherein a system reset causes the list of
pointers to the updated information, and optionally the
updated information itself, to be cleared.

Where such a WMR partition is provided, the or each said WMR
partition preferably has a Sector Relocation Table (SRT)
associated therewith which is held in said volatile RAM means
of the storage device, each entry in a said SRT is a pointer
which defines the address of a range of sectors in the WMR
partition that have been updated and an address where the
updated information is located, this location being within a
dedicated area on the storage medium which is accessed only by
the supervisor means.

Alternatively, at least one of said partitions of the storage
device comprises a Write Many Recoverable (WMR) partition
wherein, in use, if a write command is issued to overwrite
(i.e. update) any information stored in a/the WMR partition
prior to undertaking said write command said information is
copied and stored elsewhere on the storage medium to be copied
back to said WMR partition when required. This could be
implemented, for example, by a system reset.

Where the storage medium comprises at least one disk platter
and a boot partition, said boot partition will include a disk
boot sector. According to the present invention, the storage
device may be provided with loader means and said supervising
means may be adapted to intercept any request for the disk
boot sector, issued by the host computer system in use
thereof, and supply said loader means to satisfy the request.
The loader means is preferably configured to load or transfer
a predetermined code segment, which is stored on the storage
means, to a central processing unit (CPU) of the host computer
system to be executed by the computer system prior to
(normal) operating system boot. This code segment may provide
user prompts, and communication with the supervising means.
The loader means is preferably provided in said non-volatile
ROM of the storage device. Alternatively, said loader means
may be provided in a reserved area on the storage medium, for
example in one or more reserved tracks of a said disk platter
of the storage device. This reserved area is preferably
inaccessible to a user or user program (but is accessible to
the Supervising means) whereby unauthorised alteration of the
loader means is prevented.



The code segment may be provided in said non-volatile ROM
means of the storage device or, preferably, in a reserved area
of the storage medium which is also preferably inaccessible to
a user or user program, but is accessible to the Supervising
means, whereby unauthorised alteration of the code segment is
prevented.

Optionally, the storage device may be placed in either
"supervised" mode, in which the supervising means is active,
or "unsupervised" mode in which the supervising means is not
active. Said code segment, when executed, preferably provides
user prompts which allow a user to select either "supervised"
mode, or by entry of a password select "unsupervised" mode.
The code segment is preferably constructed such that,
subsequent to mode selection by the user, the code segment
transfers and executes the boot program from the disk boot
sector of the storage medium which, in turn, initiates
operating system boot (in the host computer system). The
correct password (for comparison against a password input by a
user) may be stored in said non-volatile ROM of the storage
device or on the storage medium itself.

According to a second aspect of the invention we provide a
computer system incorporating a storage device according to
the above-described first aspect of the invention.

According to a third aspect of the invention we provide a
method of controlling access to and modification of
information stored on a storage medium of a storage device for
incorporation in a host computer system wherein the storage
device comprises storage means for storing information,
intelligent means for controlling the transfer of information
to and from the storage means, and interfacing means for
interfacing the storage device with the host computer system
and via which information may be transferred to and from the
storage means under the control of said intelligent means, and
the storage means comprises: a storage medium; non-volatile
read-only-memory (ROM) means for storing firmware for
controlling operation of the storage device; and volatile
random-access-memory (RAM) means;
the method comprising the steps of:

dividing the storage medium into a plurality of
non-overlapping partitions including a boot partition and at
least one general partition, and dividing each said partition
into a plurality of sectors;

providing supervising means in said storage means for
operating said intelligent means so as to protect information
stored in the storage medium; and

incorporating the storage device in a host computer system,
and running the host computer system with the supervising
means operating said intelligent means so as to protect
information stored in the storage medium.

Preferably said supervising means is provided for
allowing/restricting/prohibiting read/write operations upon
the storage medium depending upon whether information to be
read from a sector or written to a sector is operating system
information or user information, whether the sector is in the
boot partition or in a general partition and whether if the
partition is a general partition the partition is active or
inactive,
said supervising means optionally also allowing a format
operation only on a general partition which is active and
prohibiting a format operation on the boot partition or on a
general partition which is inactive,
said supervising means being adapted to intercept each
interface request from the host computer system to said
storage device,
and the supervising means, preferably, causing a warning to be
issued to the user should an attempt be made to perform a
prohibited read, write or format operation which operation is
prevented by the supervising means;
providing a loader means, said supervising means being adapted
to supply said loader means in response to any request, issued
by the host computer system, for the disk boot sector of the
boot partition; and executing the loader means by the central
processing unit (CPU) of the computer system in place of the
requested disk boot sector, the loader sector transferring a
code segment stored in the storage device, preferably in the
storage medium thereof, into a RAM of the CPU for execution
thereon, the code segment, when executed, initiating a user
interface procedure, preferably in the form of user prompts,
whereby a user may select one or more protection options;
and whereupon, subsequent to a said selection having been made
by the user, said code segment transfers the disk boot program
stored in the disk boot sector as originally requested and, in
turn, executes the disk boot program which then initiates
operating system boot (in the host computer system).

Said selection of protection options preferably includes the
option, by entering a predetermined password, of setting the
storage device in "unsupervised mode" whereby interface
requests are not intercepted by the supervising means. The
selection may also include the option of setting the storage
device in "supervised" mode and further selecting one or more
active partitions and/or of designating at least one of said
partitions a Write Many Recoverable (WMR) partition wherein,
in use, if a write command is issued to overwrite any resident
information stored in a/the WMR partition by updated
information, the updated information is written on the storage
medium in a location other than where any resident information
is stored and a pointer to the updated information is provided
so that the updated information can be accessed, as required
during the remainder of a session.

The method may further include storing a Sector Relocation
Table (SRT) which contains the pointers associated with each
said WMR partition in the volatile RAM means of the storage
device.

Alternatively, the method may include the option of
designating at least one of said partitions a Write Many
Recoverable (WMR) partition wherein, in use, if a write
command is issued to overwrite (i.e. update) any information
stored in a/the WMR partition prior to undertaking said write
command said information is copied and stored elsewhere on the
storage medium to be copied back to said WMR partition when
required. This could be implemented, for example, by a system
reset.

Preferred embodiments of the invention will now be described
by way of example only, and with reference to the accompanying
drawings in which:

Fig. 1 is a schematic diagram of a hard disk drive according
to one embodiment of the invention;
Fig. 2 is a flow chart illustrating a modified operating boot
sequence implemented in the hard disk drive of Fig. 1.

Fig. 1 shows a storage device in the form of a hard disk drive
1 for incorporating in a host computer system (not shown). The
drive is of conventional form having one or more disk platters
2 mounted on a spindle motor drive mechanism on a printed
circuit board assembly (PCBA) 3 having a ROM chip 4 containing
firmware for controlling operation of the drive, and a RAM
chip 5. The drive has an interface connector 6 which enables
interfacing of the disk drive 1 to the host computer system,
via which interface connector information, including user
information, operating system information, data and other
programs, is transferred to and from the disk platter(s) 2.
The PCBA 3 has a micro-controller 7 provided thereon which
runs the firmware contained in the ROM chip 4, accesses the
RAM chip 5 and controls the transfer of information, data
and/or programs to and from the disk platter(s) via the
interface.

The firmware in the ROM includes "Supervisor" firmware for
intercepting and validating each request to the hard disk
(from the host computer system) in a manner previously
described in US 5,657,473, the contents of which are therefore
incorporated herein by reference. The operation of the disk
drive beneficially also includes a method of controlling
access to and modification of information stored on the disk
platter(s) of the drive utilising a Write Many Recoverable
(WMR) partition (or partitions) as previously disclosed in EP
0 800 135 A1, the content of which is also therefore
incorporated herein by reference.

Thus, the supervising means (Supervisor) forms part of the
hard drive itself, separate of a central processing unit (CPU)
of the host computer system and inaccessible to the user, the
supervising means controlling access to information stored on
the disk platter(s).

According to the described embodiment, the disk drive
operation provides a method giving the user the capability of
selecting either an "unsupervised" or "unprotected" mode
through entry of a password, or selecting a "supervised" or
"protected" mode with further selection of one or more active
partitions. To do this, a loader means in the form of a
"loader sector" is provided in the form of executable code
stored in the non-volatile ROM chip 4, the loader sector
acting as a replacement for the disk boot sector of the active
partition on the storage device, whereby each request (by the
host computer system) for said disk boot sector is intercepted
by the Supervisor and said loader sector is supplied to
satisfy the request, the loader sector being executed by the
CPU of the computer system in place of the requested disk boot
sector, said loader sector transferring a code segment (stored
on a reserved track therefor on the disk platter(s) and
referred to in further detail below) into RAM of the CPU of
the host computer system for execution thereby;
said code segment when executed, providing all required user
prompts and communication with the Supervisor required for
entry into either "protected" or "unprotected" mode, such
that, subsequent to mode selection, said code segment executes
the original disk boot sector program which then initiates the
process of operating system boot. This modified operating
system boot operation will now be explained in further detail
with reference to Fig. 2 of the drawings which is a flow chart
illustrating this operating system boot sequence.

In the normal operation of a computer system, upon switch on
of the system (or a request to re-boot the system) the host
system central processing unit (CPU) requests the disk boot
sector from the boot partition of a disk platter of the hard
drive. In the present invention, the Supervisor intercepts
any request for the disk boot sector. Upon interception of the
disk boot sector request, the Supervisor returns the loader
means (namely the "loader sector") stored in the ROM chip 4 in
place of the disk boot sector. The host system will be unaware
of this change having been made and will execute the loader
sector which, in turn, transfers a code segment, stored in the
storage device, to a RAM in the host computer system. This
code segment is stored in a track 8 on the disk platter (or
one of the disk platters) which is reserved therefor. This
track is accessible only to the Supervisor means, being a
track which is outside the area of the disk platter accessible
to the host operating system.

The code segment contains code, to be executed by the host
system, which issues user prompts and which communicates with
the Supervisor, in order to enable the user to set the system
in the "protected" mode or "unprotected" mode, as will be
described herebelow.

Once the code segment has been transferred to the RAM of the
host computer system it is executed thereby so as to, firstly,
establish communication with the Supervisor, and then provide
a user display screen (known as the HARDWALL banner - HARDWALL
is a registered trade mark of Vircon Limited) which permits
the user to select a desired protection mode, namely either
"protected" or "unprotected". If the user selects the
"protected" mode the code segment then requests a list of
dormant partitions from the Supervisor and displays them on
the screen of the computer system and prompts the user to
select one or more partitions from the list. Once the user has
selected one or more partitions the code segment informs the
Supervisor of this choice. Prior to selecting a partition or
partitions, which then become active, the system will
previously have been configured in terms of partitions and a
level of protection associated with them. These may be
established by means of a software utility. In general, there
are three types of partition, namely general partitions,
read-only partitions and WMR partitions. Typically, a
read-only partition and a WMR partition are always available.
At the start of a session, when a general partition (or
partitions) is selected and made active it is granted full
read/write access. The remaining general partitions then
become dormant whereby the Supervisor prevents their contents
being accessed and hence protects them during that particular
user session (which lasts until switch-off or re-boot of the
computer system). Read-only partitions are granted read access
only, all write commands being prohibited by the Supervisor.
The function and features of the Supervisor are disclosed and
described in detail in US 5,657,473 (incorporated herein by
reference) and will therefore not be repeated here.

In the preferred embodiment, at the stage of the process where
the user selects one or more active partitions, the executed
code segment will make available to the user one or more
partitions designated as Write-Many-Recoverable (WMR)
partitions. If a write command is issued by the host system
(e.g. by a user program) to overwrite any resident information
stored in that WMR partition, the updated information is
stored elsewhere on the disk platter(s) in a dedicated area
thereof, and a pointer to the updated information is kept (in
the RAM chip 5 of the drive) so the updated information can be
accessed as required during the remainder of the session, and
wherein a system reset causes the list of pointers to the
updated information, and optionally also the updated
information itself, to be cleared. Each WMR partition has a
Sector Relocation Table (SRT) associated with it containing
the pointers which define the address of a range of sectors in
the WMR partition which have been updated and an address where
the updated information is located. This updated information
is located in a dedicated area of the disk platter(s) which is
accessible only to, and is protected by, the Supervisor. This
may be achieved by the dedicated area being disposed in an
area of the disk platter(s) to which any access by the host
system is denied by the Supervisor, the dedicated area in this
manner being effectively "hidden" from the host system.
Alternatively, the dedicated area could be disposed outside
the physical area (namely tracks) of the disk platter(s) which
is accessible to the host operating system, in an area which
is accessible only to the Supervisor. The SRT table(s) are
stored in the RAM chip 5 of the disk drive 1. The details and
implementation of the WMR technique are disclosed and
described in detail in EP 0 800 135 A1, previously referred to
and incorporated herein by reference, and are therefore not
described in any further detail herein. It will be appreciated
that the WMR facility enables a user to write to the
designated WMR partition(s) during a session on the computer
system, but each time the computer system is re-booted all
changes are erased so as to leave each WMR partition in its
original state. Typically, the boot partition will be chosen
by the user to be designated a WMR partition.

In an alternative WMR technique, also described in EP 0 800
135 A1, if a partition is designated as WMR, in use, if a
write command is issued to overwrite (i.e. update) any
information stored in a/the WMR partition prior to undertaking
said write command said information is copied and stored
elsewhere on the storage medium to be copied back to said WMR
partition when required. This could be implemented, for
example, by a system reset. For the avoidance of doubt, the
use of this alternative WMR method is also intended to be
within the scope of the present invention.

The RAM chip 5 is also used to store information regarding the 
protection state attributed to each partition in the drive at 
any given time, for example which partitions are active and 
which are inactive, which are WMR partitions, which are 
read/write accessible, which are read-only, etc. This 
information, which can be referred to as a Permission Table, 
is also stored in the RAM chip 5 of the disk drive 1. 
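
The request path described above (Permission Table check first, 
SRT redirection for WMR partitions, pointers cleared on reset) 
can be modelled in a few lines of C. This is an added 
illustration, not code from the patent or from EP 0 800 135 A1; 
the names, sizes, two-partition layout and the refusal of all 
access to inactive partitions are assumptions. 

```c
#include <stdint.h>
#include <string.h>

/* Toy model of the Supervisor's request path. All names and sizes are
   assumptions for illustration; a real drive works on LBAs and tracks. */
enum mode { INACTIVE, READ_ONLY, READ_WRITE, WMR };
enum { NSECT = 8, NHIDDEN = 4, SECT = 16 };

struct part { uint32_t first, last; enum mode mode; }; /* Permission Table row */
struct reloc { uint32_t lba, slot; };                  /* SRT pointer */

static uint8_t disk[NSECT][SECT];     /* host-visible sectors */
static uint8_t hidden[NHIDDEN][SECT]; /* area only the Supervisor can reach */
static struct part perm[] = { {0, 3, WMR}, {4, 7, READ_ONLY} };
static struct reloc srt[NHIDDEN];
static uint32_t srt_used;

static const struct part *lookup(uint32_t lba) {
    for (size_t i = 0; i < sizeof perm / sizeof perm[0]; i++)
        if (lba >= perm[i].first && lba <= perm[i].last) return &perm[i];
    return NULL; /* outside every partition: refuse */
}
static int srt_find(uint32_t lba) {
    for (uint32_t i = 0; i < srt_used; i++)
        if (srt[i].lba == lba) return (int)i;
    return -1;
}
/* Every request is checked before it is serviced; 0 = done, -1 = refused. */
int sup_write(uint32_t lba, const uint8_t *buf) {
    const struct part *p = lookup(lba);
    if (!p || p->mode == INACTIVE || p->mode == READ_ONLY) return -1;
    if (p->mode == READ_WRITE) { memcpy(disk[lba], buf, SECT); return 0; }
    int i = srt_find(lba);            /* WMR: original sector stays intact */
    if (i < 0) {
        if (srt_used == NHIDDEN) return -1; /* relocation area exhausted */
        i = (int)srt_used++;
        srt[i].lba = lba; srt[i].slot = (uint32_t)i;
    }
    memcpy(hidden[srt[i].slot], buf, SECT);
    return 0;
}
int sup_read(uint32_t lba, uint8_t *buf) {
    const struct part *p = lookup(lba);
    if (!p || p->mode == INACTIVE) return -1;
    int i = p->mode == WMR ? srt_find(lba) : -1;
    memcpy(buf, i >= 0 ? hidden[srt[i].slot] : disk[lba], SECT);
    return 0;
}
/* System reset: clearing the pointers reverts every WMR sector. */
void sup_reset(void) { srt_used = 0; memset(srt, 0, sizeof srt); }
```

Because the SRT lives only in RAM, a write made during the 
session is visible until reset and the original sector is never 
modified. 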

Once the active partition(s) have been selected, and any WMR 
partitions, the code segment transfers the original disk boot 
sector stored in the disk drive to the host computer system 
RAM for execution thereby, the executed disk boot sector 
initiating operating system boot in the host system. 

If, at the stage where the user is prompted to select 
"protected" or "unprotected" mode (i.e. "supervised" or 
"unsupervised"), the user selects "unprotected", the code 
segment prompts the user to enter a password. The password 
entered by the user is then transferred to the Supervisor 
firmware for validation thereby (by matching it against a 
correct password stored in the ROM chip 4 of the drive 1). A 
limited number of retries is permitted if the user enters an 
incorrect password. Once a correct password has been entered 
and validated, the code segment provides the user with the 
option of requesting to change the password. If such a request 
is made, the code segment prompts for a new password to be 
entered twice, the two entered passwords then being 
transferred to the Supervisor firmware for comparison and 
storage (in the ROM chip 4 of the drive). The Supervisor then 
enters the "unprotected" or "unsupervised" mode and the code 
segment proceeds to transfer the original disk boot sector to 
the host system RAM for execution thereby in order to initiate 
operating system boot in the host system. 

A more detailed description of the above-described embodiment 
is not given herein, as this would be within the normal 
understanding of a person skilled in the art. 

The embodiment of the present invention includes no physical 
electronic components that are not present in many 
commercially available hard disk drives. The invention 
requires only the following features in the disk drive in 
order to implement the invention thereon: 

memory locations within the Read Only Memory (ROM) chip 4 to 
contain the firmware code to implement Supervisor 
functionality (the Supervisor firmware); 

integration of the Supervisor firmware into the existing 
control firmware of the hard disk drive, ensuring that no 
interface request is serviced before the Supervisor firmware 
has checked and validated the request; 

memory locations within the embedded Random Access Memory (RAM) 
5 of the hard disk drive to store the SRT and Permission Table 
which are created and maintained during each session on the 
computer system; 

memory locations within the ROM for the storage of the 
password for use in selecting supervised or unsupervised mode; 

memory locations within the ROM 4 for the storage of the 
loader sector; 

sectors on the hard disk drive itself for storage of the code 
segment which is required to be passed to the computer system 
and executed during the initial power up and configuration 
process, said sectors being within one or more reserved tracks 
on the disk surface which are inaccessible to the host 
computer system (and any user programs running therein) and 
accessible only to the Supervisor. 

It should be noted that the Supervisor firmware is configured 
to prohibit any access to itself, or alteration to itself, by 
user commands (issued by a user or user program) which attempt 
to read, corrupt or modify the Supervisor firmware. 

It will be appreciated that, as an alternative to providing 
the invention in the drive at manufacture thereof, where a 
hard drive having the necessary features outlined immediately 
above is provided, the invention could be implemented by 
loading the Supervisor firmware into the disk drive by means 
of a software utility program in order to obtain a disk drive 
which operates in accordance with the present invention. 
Although the Supervisor firmware will preferably be loaded 
into the ROM of the drive, it is envisaged that some or all of 
the Supervisor firmware could be written onto the disk 
platter(s). In this latter case, any of the Supervisor 
firmware which is stored on the disk platter(s) will be 
protected by the Supervisor itself so that a user or user 
program cannot gain read or write access thereto. 

The embodiments of the present invention hereinbefore 
described are given by way of example only, and it will be 
appreciated that various modifications thereto will be 
possible without departing from the scope of the invention. In 
particular, the invention is applicable not only to storage 
devices in the form of hard disk drives, but also to other 
types of storage device. For example, the Supervisor firmware 
could be incorporated in a solid state storage device, such as 
a FLASH memory card. Also, the Supervisor firmware could be 
stored on an optical storage medium, such as a compact disc 
(CD) or digital video disk (DVD), for use in an optical 
storage device, e.g. CD or DVD drive. Equally, some or all of 
the Supervisor firmware could be stored in the ROM of a CD or 
DVD drive. 



